Microsoft Sentinel has introduced custom graphs in public preview, providing a relationship-first method for organizing and querying security data. Unlike traditional log tables that require complex joins, this feature allows for the visualization of multi-hop connections between entities like users, devices, and IP addresses. This structure helps identify the blast radius of a compromise and uncover malicious behavioral pivots that are often hidden in standard logs.

Source